Susan Bradley
Contributing Writer
Susan Bradley has been patching since before the Code Red/Nimda days and remembers exactly where she was when SQL slammer hit (trying to buy something on eBay and wondering why the Internet was so slow). She writes the Patch Watch column for Askwoody.com, is a moderator on the PatchManagement.org listserve, and writes a column of Windows security tips for CSOonline.com. In real life, she’s the IT wrangler at her firm, Tamiyasu, Smith, Horn and Braun, where she manages a fleet of Windows servers, Microsoft 365 deployments, Azure instances, desktops, a few Macs, several iPads, a few Surface devices, several iPhones and tries to keep patches up to date on all of them. In addition, she provides forensic computer investigations for the litigation consulting arm of the firm. She blogs at https://www.askwoody.com/tag/patch-lady-posts/ and is on twitter at @sbsdiva. She lurks on Twitter and Facebook, so if you are on Facebook with her, she really did read what you posted. She has a SANS/GSEC certification in security and prefers Heavy Duty Reynolds wrap for her tinfoil hat.
Review your on-prem ADCS infrastructure before attackers do it for you
Attacks through Active Directory Certificate Services are fairly easy for bad actors to perform but basic vigilance and built-in Windows protections can help mitigate the risk of a breach.
How Microsoft’s Shared Key authorization can be abused and how to fix it
Orca Security revealed a potential point of entry for attackers through Shared Key authorization that could inadvertently become a gateway to sensitive data.
Let’s pump the brakes on the rush to incorporate AI into cybersecurity
AI has the promise to enhance many forms of security and help implement protective measures. But hold on a minute — as its take on just one Microsoft update shows, it’s not fast enough or expert enough to be trusted yet.
Managing security in the cloud through Microsoft Intune
Microsoft’s cloud-based endpoint management service extends Active Directory features to Microsoft Azure cloud.
Defending against attacks on Azure AD: Goodbye firewall, hello identity protection
Gone are the days when a good firewall was key to keeping attackers out of a network. Azure Active Directory users need to know the new weak spots in identity authentication and protection and how to mitigate attacks.
Why you might not be done with your January Microsoft security patches
Microsoft released a flurry of security patches and updates in January, so it would be easy to overlook these two.
Why it's time to review your on-premises Microsoft Exchange patch status
Microsoft's recent Patch Tuesday addressed some Exchange Server vulnerabilities, but other steps might be needed to fully secure it.
Why it might be time to consider using FIDO-based authentication devices
Access codes sent by SMS or authenticator apps can be bypassed by clever phishing. Hardware-based tokens make that harder to do.
Social media use can put companies at risk: Here are some ways to mitigate the danger
Using social media can expose company and employee data, and misuse could harm organizational reputation. Here are some tips that can help reduce the risk.
Microsoft's rough 2022 security year in review
The ubiquity of Microsoft technology in organizations big and small make it a target for attack. These are the most important vulnerabilities and fixes from 2022 that admins need to know.
How to reset a Kerberos password and get ahead of coming updates
If you haven’t already, now is the time to reset your Kerberos password — take proactive action to ensure that you are one step ahead and prepared nearly a year in advance of future hardening.